Information Security Architect

  • Company: AmerisourceBergen
  • Location: Chesterbrook, Pennsylvania
  • Posted: February 03, 2017
  • Reference ID: 00001HPZ
Sr. Information Security Specialist - Security Architect role is responsible for improving application and systems security and will support efforts to minimize the possibility that coding, design, or configuration security vulnerabilities could work their way into production environments, presenting a potential point-of-compromise.
The Security Architect will maintain involvement in the organization's Software Development Life Cycle (SDLC) process, and liaise with business and technical resources. The Security Architect will review project documentation, research and reference security policy, render recommendations and guidance, approve or reject project artifacts from a security perspective, and perform other tasks in the pursuit of securing systems, processes, and software applications.
  • Defining security requirements by evaluating business strategies and requirements; researching information security standards
  • Ensuring that development is done in accordance with industry standards for secure development
  • Elements include Encryption, Access Control, Web Application Vulnerability Detection, OWASP top 10 and other common web application security parameters.
  • Reviewing application architecture and design from an application security and information security perspective ensuring alignment with organization security standards and industry best practices.
  • Providing input and recommendations to the development teams related to architecture, design, coding practices and SDLC elements that could potentially impact the application or solution from a security perspective.
  • Facilitating Periodic static code analysis utilizing existing standard service offering.
  • Facilitating dynamic and/or manual security testing utilizing existing standard service offering
  • Providing technical expertise on secure software development and support of all associated activities, processes, and tools for protecting technology-based information
  • Providing consulting services and security support to internal business and technical customers
  • Reviewing, developing, testing, and implementing security plans, products, and control techniques
  • Reviewing circumstances surrounding security gaps in and designs corrective actions
  • Evangelizing security policies and standards where/when needed
  • Maintaining awareness of security and technology trends and shares that knowledge with others
  • Assisting with the development of secure coding standards
  • Serving as the lead security liaison on assigned projects.
  • Weekly Status Reporting - for Work in Process and Planned and issues
  • Documenting processes, procedures, assessment outputs, working papers documentation to support existing SDLC and governance requirements
  • Serves as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk program.
  • Represents security and IT risks among other company risk departments and committees.
  • Evaluates the effectiveness of awareness and training programs and makes recommendations for improvement.
  • Mentors less-experienced team members.

  • Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms.
  • Experience with evaluating and implementing security controls as related to Cloud based services including SaaS, PassS, IasS.
  • Strong computer skills in order to operate effectively with company systems and programs; working knowledge of applicable computer applications used at ABC
  • Working knowledge of network solutions and systems
  • Good analytical and problem solving skills
  • Ability to communicate effectively both orally and in writing
  • Good interpersonal skills
  • Ability to prioritize work load and consistently meet deadlines
  • Strong organizational skills; attention to detail
  • Ability to lead and provide direction to project teams
  • Strong consultative skills; ability to interface effectively with technical and non-technical leaders.
  • Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.
  • Demonstrated sound understanding of at least 3 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST and PCI
  • Preferred Certification in one or more Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and business experience in a matrix Organization required
  • Directly applicable International / Global Experience required

  • Bachelor's Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
  • Typically requires 7-10 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 5 years' experience designing and deploying security solutions at the enterprise level.
  • Security Certification(s) preferred (i.e., Certified Information Systems Security Professional (CISSP), or Certified Information Security Manage (CISM).

Share this Job